Quadratic Equations from a Kind of S-boxes

Algebraic attack studies ciphers from the point of view of solving equations. It is important to measure the security of block ciphers how many linearly independent bi-affine or quadratic equations they satisfy. As the S-box is the main nonlinear part of block ciphers, it really makes sense to get the number of linearly independent bi-affine and quadratic equations that an S-box satisfies to analyse the security of block ciphers. The article answers this question for two S-boxes based on APN power functions, and shows how to find out the equations by two toy examples. The techniques can be generalized to other S-boxes constructed by power functions. According to these conclusions, we can estimate the safety of such kind of block ciphers.